At A-Team Systems, we handle the security and privacy of our customers with the utmost care. We adhere to stringent security protocols and implement advanced measures to safeguard our systems and protect the integrity and confidentiality of all customer data we may have access to. We understand the trust our customers place in us and treat every piece of customer data as confidential, ensuring it is handled with the highest level of security and care. Our commitment to these principles is critical to our success, and we continuously evolve our security practices, striving to meet and exceed industry standards.
NIST CSF 2.0 / Cybersecurity Framework
A-Team Systems follows the NIST Cybersecurity Framework (CSF) version 2.0, integrating its core functions—Identify, Protect, Detect, Respond, and Recover—into our security protocols and information security policies.
Third-Party Attestation
Omnistruct, a leading compliance specialist organization, is a third party that continuously monitors, governs and attests to our security implementations. This includes compliance under NIST CSF 2.0 and our overall organizational security posture.
Personnel Security
All employees with elevated access undergo a thorough criminal background check as part of our pre-employment screening process.
Each team member must also sign a Non-Disclosure Agreement (NDA) and agree to our comprehensive Code of Ethics, Code of Conduct, Cybersecurity, and Device and Data Security Policies, which detail the technical, professional, and ethical standards expected within our organization. These policies are continuously improved, and employees receive notices of any changes immediately for their review. Each employee is required to re-read all policies annually as well.
Employees also receive robust initial security training with ongoing sessions to stay updated on the latest security practices and threats.
Operational Security
Access and Zero Trust
Our engineers’ access to customer infrastructure is tightly controlled and maintained behind multiple firewall and VPN layers. This creates a private, zero-trust, segregated network that requires multiple authentication methods. Direct customer access is restricted to just a few necessary jump points.
Encryption In Transit
Secure SSL encryption channels are used on any connection over the Internet, including when accessing a customer server. We take “clear text” exposure seriously and enforce password rotations if we suspect credentials may have been exposed.
Authentication, Access Control, and Least Privilege
All customer credentials are stored in a password vault system using the same software employed by the US Department of Energy, the US Department of Commerce, and NASA. This system provides at-rest encryption, role-based access control (RBAC) of credentials, and complete access auditing while enabling the “least privilege” methodology.
Vulnerability and Patch Management
A-Team Systems maintains its servers using the same practices it uses with its customers: continuous patching, audits, and security scans.
On our servers, we implement an XDR + SIEM solution that correlates activity and provides advanced automated responses to threats across our entire network. We employ a next-generation antivirus and EDR solution on our engineers’ workstations to provide a similar advanced detection and automated response to threats on our end-user devices.
Backups
We leverage a leading cloud backup provider to perform daily backups of all infrastructure, which are both immutable and off-site. This means even we cannot delete or change the backups, only restore from them. Additionally, customer credentials and other data in our password vault are backed up with this provider, but without the at-rest encryption keys. These keys are stored separately off-site so that it is impossible for the backup provider to decrypt our password vault data.
Threat Awareness
All technical staff, including upper management, receive daily/weekly threat reports and security news updates from various industry sources to stay abreast of new and evolving attack strategies. These are reviewed monthly as part of our security governance meetings and used as scenarios during tabletop exercises. Security training also follows these trends to ensure we’re incorporating relevant situations into our sessions.